The Luxembourg security specialists G-SEC have published details of a vulnerability in the majority of browsers which will either crash the browser or consume so much memory that it makes the computer virtually unusable. The trick is simple. Using JavaScript’s DOM (Document Object Model), create a selection menu on the web page; a select element. Then assign to that select element’s length attribute a very high value, as a result there is a continuous allocation of memory. The length attribute specifies the number of menu items the select element should contain, and according to the specification (and common sense) should be read only, but in many cases, it is writeable. Read the full story [The H Security].
New DOM Flaw Can Crash IE, Other Major Browsers
Author:
Dennis Fisher
minute read
Share this article:
The Luxembourg security specialists G-SEC have published details of a vulnerability in the majority of browsers which will either crash the browser or consume so much memory that it makes the computer virtually unusable. The trick is simple. Using JavaScript’s DOM (Document Object Model), create a selection menu on the web page; a select element. Then assign to that select element’s length attribute a very high value, as a result there is a continuous allocation of memory. The length attribute specifies the number of menu items the select element should contain, and according to the specification (and common sense) should be read only, but in many cases, it is writeable. Read the full story [The H Security].